Microsoft has announced plans to ship three security bulletins this month to cover at least four serious vulnerabilities in all supported versions of the Windows operating system.

According to an advance notice from Redmond, one of the bulletins will be rated "critical" while the rest will carry an "important" rating. All three bulletins cover issues that could lead to remote code execution attacks, Microsoft said.

Microsoft last week quietly shipped an update to fix a security flaw in the in the Microsoft Malware Protection Engine. This engine powers Microsoft's range of anti-malware and security products (Forefront, Live OneCare, Security Essentials, etc.)

Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.

Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the company said the the update was installed along with the updated malware definitions for the affected products.

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
Full Bio

Disclosure

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.